IPv6 No Gateway after 2.5 upgrade
-
Have you configured something to happen when the monitor fails? If not, why use it?
-
Renabled IP6 / XFinity this morning. Disabled monitoring.
From the SSH console interface I can ping the Google IP6 DNS servers fine.
From a shell I cannot ping the Google IP6 DNS servers.
Disabled IP6 and deleted the DUID file under /var/db/dhcp6c_duid
per
Comcast's IPv6 prefix delegation is based on the DUID of your system as generated when it was first being set up.
-
@jknott It seemed to be affecting dynamic DNS.
Dynamic DNS (RFC2136 clients) was only publishing an A record for a DDNS update that should have included the v4 and v6 IPs of the WAN interface, and had with 2.4.5-p1. That's what originally led me to start looking to see if something odd was going on with IPv6 or DHCP6 after the upgrade.
Once I added the gateway monitor manually, it immediately posted a new DDNS update with a AAAA record added.
-
Could you provide more information about your configuration?
Unable to reproduce it in my testing environment:
-
Renabled IP6 on the WAN interface.
I can now ping the Google IP6 DNS server: 2001:4860:4860::8888
From the console:
root: ping6 2001:4860:4860::8888
PING6(56=40+8+8 bytes) 2607:XXX --> 2001:4860:4860::8888
16 bytes from 2001:4860:4860::8888, icmp_seq=0 hlim=117 time=40.559 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=1 hlim=117 time=30.148 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=2 hlim=117 time=39.546 ms
16 bytes from 2001:4860:4860::8888, icmp_seq=3 hlim=117 time=39.262 msTesting Comcast test-ipv6.comcast.net and ipv6-test.com shows I have no IP6.
IP6 Gateway states on Dashboard shows pending with status unknown.
-
@viktor_g I'm happy to assist, but I'm not certain what information to give. Can you be more specific?
Here's a bunch of stuff that may or may not be helpful :)
WAN
LAN
GATEWAY
RA
-
An update: my clients are now routing IPv6 correctly, but the gateway issue persists.
I needed to update a couple firewall rules, but my rules have been failing to apply since my CoDel limiter requires an address on my IPv6 gateway to function. I disabled the IPv6 pass rule that applies the limiter so that I could complete my other update. After doing so, IPv6 traffic has begun to flow again.
So it seems there is no issue with the underlying routing, in my case. Only that without a gateway address populated on the interface, I'm unable to apply my limiter. Possibly other issues? Not sure, but perhaps this changes the conversation a bit?
-
@k3nb5t What is that IPv6 Address pointed to for your monitor IP?
-
@spacey That's Google Public DNS. I don't use their DNS services, but I do ping them :)
https://developers.google.com/speed/public-dns/docs/using
-
@k3nb5t said in IPv6 No Gateway after 2.5 upgrade:
https://developers.google.com/speed/public-dns/docs/using
I'd hate to hijack the thread but I am also experiencing this issue with WAN IPv6 on Comcast, strangely under interfaces it says it has an IPv6 address, even for LAN, but under Gateways it says Unknown and Pending for IPv6- where it didn't previously before updating. I tried everything mentioned in this thread, also not quite sure why after editing the monitor IP (which didn't work) for WAN DHCPv6 it shows an anchor now
-
Actually Update- it works now after restarting and putting the monitor IP as Google (which I don't understand why this has to be done I don't want to use Google at all and never had this previously at all)
But still doesn't display correctly
-
@spacey said in IPv6 No Gateway after 2.5 upgrade:
why after editing the monitor IP (which didn't work) for WAN DHCPv6 it shows an anchor now
Because once you edited it and saved the gateway, it overrides the default in the list. If you delete it, the default will reappear and will not have an anchor. You will also notice that you won't be able to delete the default.
-
Got it working here too using the IP6 address on the WAN interface as a monitor ID.
On the LAN side I can now ping Google's IP6 DNS servers.
May change the monitor IP to Google IP6 DNS server as it was before.
1 - "What is my IP" is showing an IP6 address
2 - test-ipv6.comcast.net shows a 10 now
3 - ipv6-test.com shows 17/20.
4 - not showing an IP 6 gateway address in Dashboard
5 - not showing an IP 6 address in console
6 - can ping google's IP6 DNS servers from the console shell and pingAs mentioned above looks like but not sure that it is a DHCP6 issue or PFSense doesn't display gateway address anymore??
-
Seems like the IPv6 link-local gateway address is not being parsed and populated neither for Status | Gateways or Status | Interfaces
From my experience, it was partially defunct (restarting dpinger solved this after a reboot) on 2.4.5-p1 and completely borked now with pfSense+ 21.02 and pfSense CE 2.5.
-
@lnguyen I'm beginning to wonder if it's possible to copy the interfaces section of my 2.4.5 XML file - specifically the DHCPv6, and appending it to my current 2.5 XML, having a hard time narrowing it down where it would go into, looking at the two side by side there isn't much of a difference, I just know it displayed correctly in Gateways for WAN DHCPv6 with the IPv6 address and showed online. ugh.
-
@spacey Obviously there is an underlying regression in code but for now what do you want to accomplish?
- Display the IPv6 Link-Local Gateway address
and/or
- Monitor the IPv6 Link-Local Gateway address
If so you can grab the IPv6 Link-Local Gateway address from Diagnostics | Routes and manually define it:
System | Routing | Gateways | WAN_DHCP6 | Monitor IP -
@spacey said in IPv6 No Gateway after 2.5 upgrade:
wonder if it's possible to copy the interfaces section of my 2.4.5 XML file - specifically the DHCPv6, and appending it to my current 2.5 XML
I don't believe this would yield a positive difference as I think the issue is not config but rather code.
-
Issue has been reported on Redmine:
https://redmine.pfsense.org/issues/11454
-
@lnguyen said in IPv6 No Gateway after 2.5 upgrade:
https://redmine.pfsense.org/issues/11454
Thanks for filing that bug. Hopefully it gets some attention soon. I think you are right about a bug in the code. I just upgraded to 21.02-RELEASE for my SG-1100. It states for WAN_DHCP6 unknown for status. Yet the following is true.
- Under interfaces it lists the IPV6 address for WAN
- I can ping ipv6.google.com with IP protocol IPV6 from Diagnostics -> Ping
-
@anzenketh said in IPv6 No Gateway after 2.5 upgrade:
Thanks for filing that bug.
Someone else filed it. I only shared it here in the forums.
Under interfaces it lists the IPV6 address for WAN
I can ping ipv6.google.com with IP protocol IPV6 from Diagnostics -> PingTake note that in 2.4.5-p1 under Status | Interfaces there is a field for Gateway IPv6. This is completely missing for pfSense+ 21.02 and pfSense CE 2.5
WAN Interface (wan, igb0) Status up DHCP up Relinquish Lease MAC Address 00:08:a2:00:00:00 - ADI Engineering IPv4 Address X.X.X.X Subnet mask IPv4 255.255.248.0 Gateway IPv4 X.X.X.X IPv6 Link Local fe80::X%igb0 IPv6 Address X::X Subnet mask IPv6 128 Gateway IPv6 fe80::X DNS servers 127.0.0.1
